SwiftPay 247Get started

Privacy Policy

Last updated: 18 May 2026

1. Introduction

This Privacy Policy explains how SwiftPay 247 (“SwiftPay”, “we”, “us”), operated by SwiftPay LLC, a company registered in New York, USA, collects, uses, shares, and protects your personal data when you use our payment services or visit our website.

We comply with the Digital Personal Data Protection Act, 2023 (“DPDPA”) and applicable Reserve Bank of India (“RBI”) rules governing payment aggregators, where our processing relates to customers and data in India.

2. Information We Collect

From merchants (account holders):

  • Identity data: name, PAN, GST number, business registration documents, directors' IDs
  • Contact data: email, phone, registered business address
  • Financial data: bank account details, transaction history, settlement records
  • Verification data: KYC documents, signatures, photographs where required
  • Compliance data: AML/CFT screening results, sanctions-list checks

From end-customers (payers):

  • Payment data: payment-instrument details (tokenised where applicable), UPI VPA, card BIN, transaction amount and currency
  • Device data: IP address, browser, device fingerprint (used for fraud prevention)
  • Contact data: name, email, phone, where provided to the merchant

Automatic data:

  • Usage data: page views, click events, API call logs
  • Cookies and similar technologies (see Section 8)

3. How We Use Your Data

We process personal data to:

  • Provide and operate the payment services
  • Verify identity (KYC) and onboard merchants
  • Process transactions, settlements, and payouts
  • Detect and prevent fraud, money laundering, and financial crime
  • Comply with legal and regulatory obligations
  • Communicate with you about your account and service updates
  • Improve, develop, and secure our services
  • Send marketing communications (with consent where required)

4. Legal Basis for Processing

Under the DPDPA, we process data based on:

  • Consent, where required by law
  • Performance of a contract with you
  • Compliance with legal obligations (including RBI rules and tax laws)
  • Legitimate interests, including fraud prevention, service security, and lawful business operations

5. Sharing of Information

We share personal data with:

  • Banks, payment networks, and card schemes (Visa, Mastercard, RuPay, UPI/NPCI) to process transactions
  • Regulators, law-enforcement agencies, and courts where required by law
  • KYC and AML service providers for identity verification
  • Service providers (cloud hosting, analytics, fraud detection, communications) under written agreements that require equivalent data-protection standards
  • Successors in case of merger, acquisition, or restructuring (with notice)
  • Merchants — limited end-customer data necessary to process or reverse a transaction

We do not sell personal data.

6. International Transfers

Some service providers operate outside India. We transfer data internationally only to jurisdictions notified by the Government of India as permitted, and only under appropriate contractual safeguards. RBI's payment-data localisation rules continue to apply — payment-related data is stored in India.

7. Data Retention

  • We retain personal data for the duration of your account and for 8 years after termination, as required by RBI Payment Aggregator rules
  • We may retain data longer where required for legal claims, fraud investigation, or regulatory inquiry
  • Aggregated and anonymised data may be retained indefinitely for analytics and product improvement

8. Cookies and Tracking

Our website uses:

  • Essential cookies — for authentication, security, and session management. These are required for the service to function.
  • Analytics cookies — to understand usage patterns and improve the service. You can disable these in your browser.

9. Your Rights

Under the DPDPA, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Erase data, where legally permissible (note: financial and KYC records must be retained per RBI rules)
  • Withdraw consent, where consent is the basis for processing
  • Nominate a person to exercise your rights in case of death or incapacity
  • Raise a grievance with our Grievance Officer (see Section 13)

To exercise your rights, email privacy@swiftpay247.com. We will respond within the timelines prescribed by law.

10. Security

We implement administrative, technical, and physical safeguards including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Tokenisation of card and bank data
  • PCI-DSS controls for cardholder data
  • Access controls, audit logs, and intrusion detection
  • Periodic security audits and penetration testing
  • Employee training on data protection

No system is completely secure. In the event of a personal-data breach, we will notify affected users and the Data Protection Board of India as required by law.

11. Children's Privacy

Our services are not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, contact us at privacy@swiftpay247.com and we will delete it.

12. Changes to This Policy

We may update this Policy from time to time. Updated versions will be posted on this page with a revised “Last updated” date. Material changes will be communicated to merchants by email.

13. Grievance Officer

Per the IT Rules, 2011 and DPDPA, 2023, our Grievance Officer is:

[NAME]

SwiftPay LLC

New York, USA

Email: grievance@swiftpay247.com

We respond to grievances within 30 days of receipt.

14. Contact

For privacy questions: privacy@swiftpay247.com

For general queries: support@swiftpay247.com